M0Labs

Introduction

M^0 Labs is building a decentralized framework for the permissionless minting of on-chain currencies, governed by decentralized institutions. At the core of the system lies the $M token—a digital representation of value designed to inherit the minimal risk profile of physical cash while offering the efficiency of programmable money.

Why Did They Need an Audit?

M^0's contracts coordinate sensitive economic mechanisms such as collateral verification via validators, dynamic mint rate enforcement, token inflation through governance voting, and auction-based token distribution. Failure in any of these areas could lead to infinite minting, unauthorized access to vaults, or denial of service (DoS) on key governance functions. The M^0 team engaged Three Sigma for a comprehensive 8 person-week audit ahead of mainnet deployment.

Results and Findings

Key High-Severity Issues

Missing deadline in Dutch auction buy leads to MEV risk

• Description: PowerToken.buy() lacked a deadline parameter, exposing buyers to significant losses via delayed execution of stale transactions at higher prices in future auctions. Mempool-pending transactions could be bundled by ZeroToken holders, extracting disproportionate value.
• Resolution: Deadline parameter added and enforced via timestamp check.

Validator signatures with zero timestamps are replayable indefinitely

• Description: If all validator signatures had timestamp zero, the update logic treated the timestamp as block.timestamp, allowing unlimited re-use of old signatures. This opened a path for a minter to misrepresent real-world collateral and mint $M backed by non-existent reserves.
• Resolution: Protocol now rejects any signature with a zero timestamp.

Notable Medium-Severity Issues

Total principal invariant in MToken can be silently broken

• Description: An unchecked addition in _addEarningAmount() could overflow principalOfTotalEarningSupply, especially when different rates are used across minting contracts. This overflow could persist until a safe cast fails in mint, but not always.
• Resolution: Now uses checked math to avoid silent overflows.

Timestamps with higher-than-minimum values reusable in validator consensus

• Description: A validator signature with a future timestamp could be re-used in multiple calls, as only the minimum of all timestamps is enforced. This could delay penalization or mislead the system about recency.
• Resolution: Acknowledged. Future fix may flag digests or limit deviation among timestamps.

In conclusion

Three Sigma performed a full-stack security review of M^0 Labs’ 2,927-line protocol, encompassing governance, validator signature verification, inflationary supply logic, and collateral-backed stablecoin minting. While no critical vulnerabilities were discovered, we identified two high-severity bugs that could be exploited by mempool relaying and signature replay. These were fully addressed. The M^0 system displays solid design fundamentals and is supported by extensive testing and modularity, though continued monitoring and validator behavior assumptions should remain a core focus post-launch.